provision new worker nodes with ansible

2024-08-09 12:07:03 +03:00
parent 8a1b0b52af
commit 5e04a1bd43
3 changed files with 156 additions and 33 deletions
--- a/ansible/kubernetes.yml
+++ b/ansible/kubernetes.yml
@@ -1,4 +1,58 @@
 ---
+# ansible-galaxy install -r requirements.yaml
+- name: Install cri-o
+  hosts:
+    - worker9.kube.k-space.ee
+  vars: 
+    CRIO_VERSION: "v1.30"
+  tasks:
+    - name: ensure curl is installed
+      ansible.builtin.apt:
+        name: curl
+        state: present
+
+    - name: Ensure /etc/apt/keyrings exists
+      ansible.builtin.file:
+        path: /etc/apt/keyrings
+        state: directory
+
+    # TODO: fix
+    # - name: add k8s repo apt key
+    #   ansible.builtin.shell: "curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/stable:/{{ CRIO_VERSION }}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg"
+    
+    - name: add k8s repo
+      ansible.builtin.apt_repository:
+        repo: "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/stable:/{{ CRIO_VERSION }}/deb/ /" 
+        state: present
+        filename: cri-o
+
+    - name: check current crictl version
+      command: "/usr/bin/crictl --version"
+      failed_when: false
+      changed_when: false
+      register: crictl_version_check
+
+    - name: download crictl
+      unarchive:
+        src: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ CRIO_VERSION }}/crictl-{{ CRIO_VERSION }}-linux-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}.tar.gz"
+        dest: /tmp
+        remote_src: true
+      when: >
+        crictl_version_check.stdout is not defined or CRIO_VERSION not in crictl_version_check.stdout
+      register: crictl_download_check
+
+    - name: move crictl binary into place
+      copy:
+        src: /tmp/crictl
+        dest: "/usr/bin/crictl"
+      when: >
+        exporter_download_check is changed
+
+    - name: ensure crio is installed
+      ansible.builtin.apt:
+        name: cri-o
+        state: present
+
 - name: Reconfigure Kubernetes worker nodes
  hosts:
    - storage
@@ -40,7 +94,7 @@
      loop:
        - kubelet
        - kubeadm
-        - kubectl
+        - kubectl 

    - name: Download kubectl, kubeadm, kubelet
      ansible.builtin.get_url:
@@ -52,6 +106,24 @@
        - kubectl
        - kubeadm

+    - name: Create /etc/systemd/system/kubelet.service
+      ansible.builtin.copy:
+        content: |
+          [Unit]
+          Description=kubelet: The Kubernetes Node Agent
+          Documentation=https://kubernetes.io/docs/home/
+          Wants=network-online.target
+          After=network-online.target
+          [Service]
+          ExecStart=/usr/bin/kubelet
+          Restart=always
+          StartLimitInterval=0
+          RestartSec=10
+          [Install]
+          WantedBy=multi-user.target
+        dest: /etc/systemd/system/kubelet.service
+      register: kubelet_service        
+
    - name: Create symlinks for kubectl, kubeadm, kubelet
      ansible.builtin.file:
        src: "/usr/bin/{{ item }}-{{ KUBERNETES_VERSION }}"
@@ -68,42 +140,32 @@
        name: kubelet
        enabled: true
        state: restarted
-      when: kubelet.changed
+        daemon_reload: true
+      when: kubelet.changed or kubelet_service.changed

-    - name: Create /etc/systemd/system/kubelet.service
-      ansible.builtin.copy:
-        content: |
-          [Unit]
-          Description=kubelet: The Kubernetes Node Agent
-          Documentation=https://kubernetes.io/docs/home/
-          Wants=network-online.target
-          After=network-online.target
-          [Service]
-          ExecStart=/usr/local/bin/kubelet
-          Restart=always
-          StartLimitInterval=0
-          RestartSec=10
-          [Install]
-          WantedBy=multi-user.target
-        dest: /etc/systemd/system/kubelet.service
+    - name: Ensure /var/lib/kubelet exists
+      ansible.builtin.file:
+        path: /var/lib/kubelet
+        state: directory

-    - name: Reconfigure shutdownGracePeriod
-      ansible.builtin.lineinfile:
-        path: /var/lib/kubelet/config.yaml
-        regexp: '^shutdownGracePeriod:'
-        line: 'shutdownGracePeriod: 5m'
+    - name: Configure kubelet
+      ansible.builtin.template:
+        src: kubelet.j2
+        dest: /var/lib/kubelet/config.yaml
+        mode: 644

-    - name: Reconfigure shutdownGracePeriodCriticalPods
-      ansible.builtin.lineinfile:
-        path: /var/lib/kubelet/config.yaml
-        regexp: '^shutdownGracePeriodCriticalPods:'
-        line: 'shutdownGracePeriodCriticalPods: 5m'
+    - name: Ensure /etc/systemd/system/kubelet.service.d/ exists
+      ansible.builtin.file:
+        path: /etc/systemd/system/kubelet.service.d
+        state: directory

-    - name: Work around unattended-upgrades
-      ansible.builtin.lineinfile:
-        path: /lib/systemd/logind.conf.d/unattended-upgrades-logind-maxdelay.conf
-        regexp: '^InhibitDelayMaxSec='
-        line: 'InhibitDelayMaxSec=5m0s'
+    - name: Configure kubelet service
+      ansible.builtin.template:
+        src: 10-kubeadm.j2
+        dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
+        mode: 644
+
+    # TODO: register new node if needed

    - name: Disable unneccesary services
      ignore_errors: true
@@ -112,11 +174,17 @@
        - snapd
        - bluetooth
        - multipathd
+        - zram
      service:
        name: "{{item}}"
        state: stopped
        enabled: no

+    - name: Ensure /etc/containers exists
+      ansible.builtin.file:
+        path: /etc/containers
+        state: directory
+
    - name: Reset /etc/containers/registries.conf
      ansible.builtin.copy:
        content: "unqualified-search-registries = [\"docker.io\"]\n"